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[57] ABSTRACT 

A mouse computer input peripheral device includes a win- 
dow area integrally constructed within the mouse and posi- 
tioned at an area on the mouse upon which a user normally 
places a finger in operating the mouse. The mouse further 
includes an illuminating device and a light sensitive detec- 
tion device for providing a user signature signal represen- 
tative of the characteristics of the ridge and valley pattern of 
the fingerprint of a finger placed upon the window area. The 
signature signal is transmitted to the BIOS within the 
computer system in which the mouse is operating and 
compared with one or more stored patterns which have 
previously been authorized for access to the computer 
system. When the user's signature signal is compared with 
and matches one of the stored and approved signature 
signals, the system is enabled and the user is granted access. 

8 Claims, 8 Drawing Sheets 
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MOUSE WITH SECURITY FEATURE 

This is a continuation of copending application Ser. No. 
08/435318 filed on May 5, 1995, now abandoned. 

5 

FIELD OF THE INVENTION 

The present invention relates generally to security 
systems, and more particularly to a security device and 
method for use with a computer system. 

BACKGROUND OF THE INVENTION 

Security problems have long been a concern with personal 
computers, not only for files stored on local hard drives, but 
also for access to networks through which personal com- 15 
puters or PCs are attached. Unauthorized access can lead to 
lost or modified files, compromised personal and corporate 
information, and introduction of viruses to PCs and net- 
works. 

Password protection is the first, and normally only 20 
defense against unauthorized intruders. Passwords are often 
defeated by the users themselves by the choice of easily 
guessed password names, by writing down the password and 
placing it in an easily accessible location, or by using a 
common word which can be found with a search program 25 
using a dictionary database. 

More elaborate schemes are often not adopted because 
they require extensive and expensive additional security that 
may equal or exceed the cost of the cost of the personal 
computer. Less intrusive schemes, such as handwriting 30 
recognition, usually require nonstandard accessories which 
otherwise cost more and often serve no other purpose. Thus, 
there is a need for an apparatus and method to achieve high 
security protection of access to personal computers in an 
unobtrusive fashion which will not require additional desk- 35 
top space or re-programming of standard applications for 
conventional use. 

SUMMARY OF THE INVENTION 

40 

It is therefore an object of the present invention to provide 
a device for inputting information to a computer system by 
a user, wherein the computer system includes a main hous- 
ing for housing computer processing circuitry. The device 
comprises a peripheral housing separate from the main 45 
housing, with the peripheral housing being arranged to 
contain at least one switching device for inputting informa- 
tion to the computer system. The device is further charac- 
terized by including fingerprint acquisition means selec- 
tively operable for providing a user fingerprint signal 50 
representative of the fingerprint of a user, and circuitry for 
transmitting the user fingerprint signal to the main housing 
of the computer system for processing by the computer 
processing circuitry. 

In a more specific embodiment, there is provided memory 55 
circuitry and comparison circuitry within the computer 
processing circuitry, where the comparison circuitry is oper- 
able to compare the user fingerprint signal with authorized 
fingerprint signals in the memory circuit and providing an 
access enable signal when a user fingerprint signal meets 60 
predetermined criteria with one of the authorized fingerprint 
signals. 

In another embodiment, the invention comprises a periph- 
eral device for use within a computer system, the peripheral 
device being operable by a user for interfacing with the 65 
computer system. The peripheral device includes a periph- 
eral housing means for housing electronic circuitry; finger- 
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print acquisition means selectively operable to provide a 
user fingerprint signal representative of the fingerprint of the 
user, memory means for storing at least one authorized 
fingerprint signal representative of an authorized user's 
fingerprint; and comparison circuitry coupled to the finger- 
print acquisition means and said memory means, said com- 
parison means being operable to effect a comparison of the 
user fingerprint signal with the authorized fingerprint signals 
and providing a comparison output signal representative of 
said comparison. 

Another implementation of the present invention includes 
a method for obtaining security clearance prior to enabling 
a user to have access to a computer system, wherein the 
computer system has a main housing for housing memory 
circuitry and processing circuitry therein, and also a mouse 
peripheral device separate from said main housing for 
providing user input to the computer system. The method 
comprising the steps of sensing an impression of a user's 
fingerprint upon said mouse peripheral device; producing a 
user fingerprint signal representative of the sensed finger- 
print; transmitting the user fingerprint signal to the main 
housing; comparing said user fingerprint signal with autho- 
rized user fingerprint signals stored in said memory cir- 
cuitry; and providing a security clearance signal represen- 
tative of the results of the comparison. 

BRIEF DESCRIPTION OF THE DRAWINGS 

A better understanding of the present invention can be 
obtained when the following detailed description of the 
preferred embodiment is considered in conjunction with the 
following drawings, in which: 

FIG. 1 is an illustration of a mouse peripheral device 
utilizing one embodiment of the present invention; 

FIG. 2 is a block diagram of a signal processing scheme 
which may be implemented in practicing the present inven- 
tion; 

FIG. 3 is a perspective schematic diagram illustrating an 
exemplary optical implementation that may be utilized in 
connection with the present invention; 

FIG. 4 is an illustration of a typical computer system in 
which the present invention may be implemented; 

FIG. 5 is a flow chart showing one embodiment of the 
present invention as implemented in a Basic Input Output 
System (BIOS) routine; 

FIG. 6 is another flow diagram illustrating a validate user 
entry routine; 

FIG. 7 is a flow chart showing an interrupt service routine; 
FIG. 8 is a method flow illustrating a mouse driver 
routine; and 

FIG. 9 is a flow chart showing an application security 
check routine. 

FIG. 10 is an illustration of an alternate embodiment of a 
computer system in which the present invention may be 
implemented. 

DETAILED DESCRIPTION 

The exemplary embodiment shown in the drawings 
includes a peripheral mouse device, with a window, an 
integral Charge -Coupled Imaging Device (CCD), and a light 
source coupled with a data encoder, decoder and other 
exemplary processing circuitry. Charge-Coupled Imaging 
Devices are well known in the art and generally include an 
MOS capacitor with an electrode attached on top of silicon 
dioxide on a semiconductor substrate surface. When voltage 
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is supplied between the electrode and the substrate, a deple- In the present example, the switch areas 111 and 113 are 
tion layer is formed at the silicon dioxide and the semicon- implemented with Charge-Coupled Imaging Devices 
ductor interface, resulting in a potential well of low energy (CCDs), and the actuation switch 109 is fully operable to 
ranking for the minority carrier. If the signal charge gener- provide its normal switching and "hold-and-drag", and other 
ated by light radiation is injected into this potential well, the 5 functions as well as being operable to receive fingerprint 
signals are temporarily stored and memorized as analog impressions on the area 111 for further processing as here- 
quantities. inafter explained. It should also be noted that the area 113 on 
In the illustrated embodiment of the present invention, the the side of the mouse 101 may be either a dedicated area for 
CCD elements are arranged in a matrix comprising a light receiving fingerprint impressions or area 113 may also be a 
sensitive CCD device 311 upon which an image of a 1Q switch similar to switch 109 to combine a switching function 
fingerprint is projected as shown in FIG. 3. Each individual with the security function. The switching function served by 
CCD element may correspond to an individual pixel of a such a switch may be totally unrelated to the security feature 
fingerprint signature signal which will be analyzed and or it may be an integral part of the security feature and have 
processed as hereinafter explained. The CCD array 311 as at least one of its purposes, the initiation and/or termi- 
operates as an analog shift register to obtain and transfer out nation of the security function itself, 
pixels of information defining the fingerprint signature pro- 15 In pjQ 2 , a fingerprint image 203, representative of a 
jected thereon. It is noted that many other sensing arrange- fi rint ^ be Ued t0 the ^ m or u3 ^ 
ments may be substituted for the CCD device shown herein d upon a ~ rea 20 1 . Area 201 corresponds to 
to provide a fingerprint signature for comparson wi h ' plates 111 and 113 of FIG. 1. The first step in 
approved fingerprints signatures, to generate a "Pass/Fail' . f . . . *1 
oulput in accordance with the present invention, without 20 lh / P roc fi ess Crated in FIG. 2 includes taking a picture 205 
departing from the spirit and teachings of the present inven- ? f the fingerprint ""age 203. That function may be per- 
t j on formed through various state-of-the-art devices including 
The mouse and circuitry implemented herein is designed Jj» C 9 D d * vice Previously discussed. After taking a picture 
to allow normal operation of the peripheral mouse device for 205 of the fingerprint 203, the information thereby obtained 
information input and control operations in connection with 25 fe "^s 1 ^ mt0 an electrical signal representative thereof, 
a computer, and, at the same time, provide a security T° e fingerprint signal may be encoded and/or compressed if 
function without the need for additional hardware or other desired, by circuitry 207 and applied to additional or other 
devices not normally used with a computer or workstation circuitry, or system circuitry including BIOS, for further 
system assembly. The invention is designed to be used as a processing 209. As illustrated by the signal path 209, the 
replacement for a typical PC mouse and will function as a 30 fingerprint signature signal being processed for system 
standard mouse in all respects under normal use. Moreover, authorization may be transmitted from the mouse peripheral 
it is also anticipated that, in addition to its use in new unit 101 to a main housing 403 as shown in FIG. 4. If more 
systems, the device of the present invention may also be of the processing circuitry is included in the mouse periph- 
designed to include the associated electronics within the eral unit 101, the encode/compress 207 and decode/ 
mouse itself to enable users to directly swap out the present 35 decompress 211 functions may not be required for system 
invention with the mouse they are currently using, and implementation. After the fingerprint signals have been 
receive the added functionality and features of the present processed 209 by the system as may be required by the 
invention. The security feature may also be encoded into the designer of the particular security system, those signals may 
Basic Input Output System (BIOS) so that the security be applied to decode and/or decompress circuitry 211. The 
function cannot be defeated by loading from a floppy disk 40 signals from the Decode/Decompress circuitry 211 are 
when the computer is initiated or "booted". applied to an analysis circuit 213 which provides a pro- 
Referring now to FIG. 1 in detail, there is shown a mouse cessed fingerprint signature signal to a compare circuit 221. 
peripheral input device 101, which includes a body portion A memory device 223, which contains electronic signals 
103. The mouse 101 may be one of any of those in general representative of various "approved" fingerprint signals, is 
widespread use since all of such devices are capable of 45 arranged to provide authorized fingerprint signals to the 
including the features disclosed herein in accordance with compare circuit 221. The compare circuit 221 provides one 
the present invention. The mouse 101 includes the actuation of two output signals "P" and "F", on output lines 215 and 
switches 107 and 109 shown on top of the mouse 101, which 217, respectively, representative of whether or not the sig- 
are or may be modified as hereinafter disclosed. As shown nals representative of the sample fingerprint "pass" or "fail" 
in the present example, the actuation switch 109 also 50 a comparison with one or more stored and authorized 
includes a transparent or frosted section or window area 111 fingerprint sample signals provided by the memory device 
which is arranged to receive a finger, normally a pointer 223. If the initial analysis 213 of the acquired fingerprint 
finger, to input manipulation and control selections from a signature signal fails, the security function may include 
user. several "RETRY" operations or cycles 219. Also, although 
Also shown in FIG. 1 is another window area 113 on the 55 not shown, the Retry cycle 219 may also be called one or 
side of the mouse 101. The second area 113 is located such more times if the compare function 221 does not yield a Pass 
that a user will naturally place a thumb on the area 113 when signal "P". 

operating the mouse 101. Additional window areas may be It will be recognized that the signal processing scheme 

designed into the other side of the mouse device 101 for shown in FIG. 2 and described in detail above may be 

additional fingerprint checks or to accommodate left-handed 60 implemented by and within the mouse peripheral input 

users. A control cable 105 provides an electrical interface to device 101 (FIG. 1), the computer system (FIG. 4), or some 

the computer system to which the mouse 101 is connected. combination of the two. 

As hereinafter explained, the connected computer system In FIG. 3, an impression area 301 includes an impression 

will have all of the standard circuitry and features including 303 of a finger. The area 301 is illuminated by a light source 

the Basic Input Output System which is operational to 65 305 and light rays 307 from the image of the impression 303 

provide fundamental and primary support and control for the are collected by a focusing lens 309 and projected to a light 

entire system. sensitive CCD array 311 . The Light sensitive CCD array 311 
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is implemented to transform the fingerprint image into the system will read the standard mouse data into the return 

corresponding electrical signals for processing as hereinbe- structure 707. If there is no extended fingerprint data present 

fore noted. 709, then the system will exit the Mouse ISR. However, if 

In FIG. 4, a typical computer system includes a display there is extended mouse data present, then the system will 

device 401 which is coupled to a CPU unit or main housing 5 pre-process the fingerprint data into a signature signal, set an 

403. A keyboard 405 is also coupled to the main housing 403 appropriate flag, store the data for the next use 713, and exit 

to provide one means of inputting information to the com- the Mouse ISR 715. FIG. 8 shows the Check Fingerprint 

puter system. A mouse input device 103 is also shown Mouse Driver routine 801. The mouse driver signature is 

connected to the main housing 403. The input provided by obtained 803 and a Wrong Mouse Return 805 may be issued 

the mouse peripheral device 103 is shown connected to the 10 if appropriate. The signature is compared 807 to one or more 

main housing 403 by the cable 105 although input may also approved signatures in memory and if there is a signature 

be transmitted to the main housing through an infrared match 809, an X% return is issued depending on system 

system and still obtain the advantages of the present inven- design. The X% return, for example could include 100% 

tion. The peripheral mouse 103 includes switches 107 and return if no signatures exist in memory. If there is no 

109 as well as the fingerprint sensitive pads or plates as 15 signature match, then an "invalid return" 811 is issued, 

previously disclosed in connection with the FIG. 1 embodi- In FIG. 9, an application security check routine 901 is 

ment. illustrated, which may be called from various places in 

FIG. 5 illustrates the method of the present invention as secure applications. Initially, the Check Fingerprint Mouse 

implemented in a program running on the computer system Driver is called 903. If there is a "wrong mouse" return 905 

shown in FIG. 4. The check fingerprint BIOS routine 501 2 o tnen a wrong mouse violation is displayed 907 and the 

determines if a designated memory contains any pre- application may be exited 909. If there is no "wrong mouse" 

approved signatures 503 and if not, then a "100% Valid" return 905 but the elapsed time exceeds what is designated 

return is generated 505. If there are signatures in the as "normal acquisition time" 911, then a mouse problem 

memory, then a query message is sent to determine the violation message may be displayed 913 and the application 

mouse type 507. If the mouse type being used is not one 2 s ma y ^ e ex i te d 915. If the normal acquisition time has not 

compatible with the security system being implemented 509, been exceeded and a signature is not available 919, then, the 

the "wrong mouse" message 511 is sent from the system. If system may recycle from the "Call" 903. If, however, a 

the mouse type is determined to be a security compatible signature is available 919 and the system is designed for 

mouse, then the "take fingerprint picture" message 513 is 100% valid 921, a "Pass" message is sent. If there is not a 

issued. The system then awaits the Mouse data 515 and 30 100% valid designation 921 but the signature matches one or 

cycles until the mouse data is received. When the mouse data more on file within acceptable limits 923, then a "Pass" 

is received, the system is operable to strip off the standard message 925 is sent. If the signature is not within acceptable 

data, and preprocess fingerprint data into a comparison- limits and a designated retry count has been exceeded 927, 

ready signature 517. If the fingerprint data is not tested then a security check violation is displayed 929 and the 

"good" 519, a picture error message is sent 521. If the 35 system exits the application 931. If the retry count has not 

fingerprint data is sufficient, it is compared 523 to one or been exceeded 927 then the routine recycles from the 

more valid signatures stored in memory. If there is not a beginning. 

signature match, an invalid return signal is sent 527. If there Referring again to FIG. 1, the window area 113 can be 

is a signature match, then an X% valid return signal is sent, located at the side of the mouse 101 where the thumb is 

depending upon the design of the particular system. 40 normally used to grasp the mouse 101 or it can be placed in 

In FIG. 6, a BIOS routine is shown to validate a user entry one of the buttons in a manner such that the button or switch 

601 to the system. Upon initiation, the BIOS is called and is still operational. The window area should optimally be 

the check signature process 603 is run. If there is a wrong clear with a frosted surface on the outside of the window 

mouse return 605, the "Wrong Mouse" message is displayed 1U. All of the light sources are contained within the mouse 

607 and the system loops back to the BIOS call 603. If the 45 101 and shine light at an oblique angle to the window areas 

mouse is correct, a check is made to see if the system 111 and 113. The CCD imaging device views the window 

designer has designed in a 100% valid feature 609 and if so, and is focused on the outside surface of the window 111. 

a "no signatures on file" message may be displayed 611 and The frosted surface 111 or 113 will normally scatter the 

a "pass" message sent to allow entry to the system. If, light in a diffuse, even pattern. When a finger or thumb is 

however, a signature matching function is designed into the 50 placed into contact with the window, the oiled ridges of the 

system, i.e. there is no "100% valid" access, then the input skin whorl patterns will penetrate and fill the frosted areas 

signature is matched against stored approved signatures on while the valleys within the patterns will not. Contrast 

file and a "matching in progress" message 615 may be control can be achieved by varying the intensity of the light 

displayed to the user. If the signature signal compares within source or the timing of the "Read" processing for the CCD 

predetermined limits with stored characteristics of pre- 55 imager. 

approved signatures 617, then a "pass" message is sent 613 When enabled by an enhanced mouse-aware program, the 
to allow entry into the system. If the input signature is not light source is triggered and a snapshot of the fingerprint is 
within limits, and a predetermined retry count has been taken by the CCD imaging device. The CCD data is read out 
exceeded 621, then a fail message 623 is sent and access to from the imaging device and is compressed 207 and trans- 
the system is denied. If, however, the signature is not within 60 mitted 209 to the PC in the form of an extended data record 
acceptable limits but the retry allowance has not been appended to the normal mouse data. Alternatively, a micro- 
exceeded, then the "retry" message is displayed 625 and the processor can be embedded in the mouse to partially process 
user may be allowed again to access the system. the fingerprint data and recognition processing to reduce the 
A Mouse Driver or Interrupt Service Routine 701 is data traffic on the mouse cable. The BIOS programming 
illustrated in FIG. 7. When the mouse data is not presented 65 analyzes the fingerprint data and decompresses 211 the data 
703, the system will exit 705 the Mouse Interrupt Service into an encoded "signature" which is compared 213 against 
Routine (ISR). If, however, the mouse data is presented, then authorized signature profiles which are stored in the sys- 
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tern's memory. The security processing 213 can be rigorous peripheral processing circuitry disposed within said 

or loose in adherence, returns a pass "P" or fail "F" signal peripheral housing for processing said user fingerprint 

to the caller and several passes or "Retry" cycles 219 may signal; and 

be required to positively match a fingerprint signature. comparison circuitry disposed within said peripheral 

The device 101 is capable of transmitting normal mouse 5 housing and coupled to said peripheral processing 

motion and button state information in the default power-up circuitry for comparing said processed user fingerprint 

mode. In the preferred implementation, that information will signal with authorized fingerprint signals to allow 

be transmitted over, for example, a serial communications access to computer system by the user when predeter- 

cable 105 which typically contains power, ground, clock and mined criteria are satisfied. 

data signals. The mouse information may also be transmitted 10 2. The invention as set forth in claim 1 wherein said 

in a wireless arrangement in which such information may be peripheral device is movable relative to the main housing, 

sent, for example, using infrared technology. Such a wireless 3. The invention as set forth in claim 1 further including 

arrangement is shown in the computer system of FIG. 10. memory circuitry, said memory circuitry being coupled to 

Because the system of FIG. 10 is similar to that of FIG. 4, said comparison circuitry, wherein said comparison circuitry 

identical components are given same reference numerals. 15 being operable to compare said user fingerprint signal with 

Mouse data is transmitted to the PC using a serial protocol authorized fingerprint signals in said memory circuit and to 

and encoding the mouse data into the serial stream at rates provide an access enable signal when said user fingerprint 

ranging from 1200 bits per second (BPS) to 9600 BPS or signal meets predetermined criteria with one of said autho- 

higher. Encoded into this stream, in one of several popular rized fingerprint signals. 

or proprietary industry formats, are the button or switch 20 4. The invention as set forth in claim 1 wherein said 

states and the "X" and "Y" position counter information. switching device is selectively operable by a user to input 

Additional information from the processing of the finger- information to the computer system, said switching device 

print signature is added to that byte stream. and said fingerprint acquisition means having at least one 

Normal operation would include invoking the fingerprint common operative part, 

recognition feature in the BIOS at computer initiation or at 25 5 - The invention as set forth in claim 4 wherein said 

"boot" time before the floppy disk is checked. If the mouse common operative part comprises a switching plate, said 

is not present, the boot process fails or starts over. During the switching plate being operable by a user's finger to selec- 

boot process, a modified mouse driver is loaded which livel Y provide a switch closure signal, said switching plate 

provides enhanced mouse features, among which is a call to bein S simultaneously operable to provide an impression of 

the BIOS security feature which can be invoked at critical 30 the fingerprint of the user as an input to said fingerprint 

times, such as before any floppy disk writes after an elapsed acquisition means. 

time-out period, or upon network login, etc. Failure to pass 6* The invention as set forth in claim 5 wherein said 

the fingerprint check results in aborting the application or peripheral device further includes a light source within said 

preventing further use of the PC, depending upon the BIOS peripheral housing and arranged to illuminate said switching 

or application programming. The security processing may 35 P* ate fr° m within said peripheral housing means, said 

also be set-up to run automatically at regular intervals even peripheral device further including a light sensitive device 

interrupting otherwise normal PC operation and operating responsive to said illuminated switching plate for providing 

programs to perform additional and continuing verification sa ^ user fingerprint signal. 

of user authorization. A method for obtaining security clearance to enable a 
The apparatus of the present invention has been described 40 user t0 have access to one or more applications on a 
in connection with the preferred embodiment as disclosed ^ om P uter m ' *** ***** havm S a mam 
herein. Although an embodiment of the present invention housing and having a peripheral input device separate from 
has been shown and described in detail herein, along with sajd mam housin g fc * m P u | tm S information to said corn- 
certain variants thereof, many other varied embodiments ^ puter system, said peripheral mput device housing memory 
that incorporate the teachings of the invention may be easily 45 circuitry and processing circuitry therein, said method corn- 
constructed by those skilled in the art. Accordingly, the pnsm S tQe ste P s ot: 

present invention is not intended to be limited to the specific (a) sensing a predetermined characteristic of a user's 

form set forth herein, but on the contrary, it is intended to fingerprint using said mouse peripheral device; 

cover such alternatives, modifications, and equivalents, as 5Q (b) producing a user identification signal representative of 

can be reasonably included within the spirit and scope of the the sensed characteristic; 

invention as defined by the following claims. ( c ) comparing said user identification signal with autho- 

We claim: rized user identification signals stored in said memory 

1. A peripheral device for inputting information and circuitry; and 

allowing access to a computer system by a user, the com- 55 (d) idm a ^ dearance si { re utive of 

puter system including ,a main housing for housing computer ^ resuUs of said of comparing t0 Mid main 

processing circuitry, the device comprising: housing 

a peripheral housing separate from the main housing, said g. jh e invention as set forth in claim 7 wherein said 

peripheral housing being arranged to contain at least characteristic is a fingerprint topography of the user, and said 

one switching device for generating input information; 60 identification signal is a fingerprint signal representative of 

fingerprint acquisition means selectively operable for said topography, 
providing a user fingerprint signal representative of the 

fingerprint of a user; * * * * * 
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